Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Neal Stephensons cypherpunk novel Cryptonomicon contains a cryptosystem called Pontifex. This low-tech cryptographic algorithm uses a deck of playing cards to encrypt and decrypt messages. Outside of the book, this algorithm is actually called Solitaire. It was designed by cryptographer and security expert Bruce Schneier at the request of Neal Stephenson. Solitaire allows secure communications without having to rely on computers or other tools that might indicate that cover channels are being used, or where access to a computer is not possible. It was designed to be secure even against the most well-funded adversaries with the biggest computers and the smartest cryptanalysts. Solitaire gets its security from the inherent randomness of a shuffled deck of cards. Using this deck, keyed in a special way, two people can create a set of random letters that will be use to encrypt the messages. The process is somewhat slow, but its hard to spot that a deck of cards is being used to encrypt information.
Using Solitaire
For the cypherpunks out there, or crypto aficionados, Solitaire is an output-feedback mode stream cipher. As Schneier explains: The basic idea is that Solitaire generates a stream, often called a keystream, of numbers between 1 and 26. To encrypt, generate the same number of keystream letters as plaintext letters. Then add them modulo 26 to plaintext letters, one at a time, to create the ciphertext. To decrypt, generate the same keystream and subtract, modulo 26 from the ciphertext to recover the plaintext.
Encryption
Using Schneiers own example, this is how you encrypt a message using Solitaire. For this example, our plaintext message will be the same message used in Cryptonomicon: DO NOT USE PC. 1. Split the plaintext message into five-character groups. Use Xs to fill in the last group if necessary.
DONOT USEPC
3. Convert the plaintext message from letters into numbers, A=1, B=2, etc:
4 15 14 15 20 21 19 5 16 3
5. Add the plaintext number stream to the keystream numbers, modulo 26. Modulo 26 means that if the sum is more than 26, subtract 26 from the result. For example, 1+1=2, 26+1=27, and 27-26=1, so 26+1=1.
15 19 11 10 10 10 7 20 13 23
Decryption
The receiver of the message has to key the same keystream as the person encrypting. That is your encryption key. Then the receiver subtracts the keystream letters from the ciphertext letters. 1. Take the ciphertext message and put it in five-character groups.
OSKJJ JGTMW
2. Use Solitaire to generate ten keystream letters. If the receiver has the same key as the sender, the keystream letters will be the same:
KDWUP
ONOWT
5. Subtract the keystream numbers from the ciphertext numbers, modulo 26. For example, 22-1=21, 1-22=5. If the first number is less than or equal to the second number, add 26 to the first number before subtracting. So 1-22=? becomes 27-22=5.
4 15 14 15 20 21 19 5 16 3
3. Perform a triple cut. That is, swap the cards above the first joker with the cards below the second joker. If the deck used to look like:
2 4 6 B 5 8 7 1 A 3 9
First and second jokers refer to whatever joker is nearest to and furthest from the top of the deck, respectively. Ignore the A and B designations for this step. Remember that the jokers and the cards between them dont move; the other cards move around them. This is easy to do in your hands. If there are no cards in one of the three sections (either the jokers are adjacent, or one is on top or the bottom), just treat that section as empty and move it anyway. 4. Perform a count cut. Look at the bottom card. Convert it into a number from 1 through 53. (Use the bridge order of suits: clubs, diamonds, hearts, and spades. If the card is a club, it is the value shown. If the card is a diamond, it is the value plus 13. If it is a heart, it is the value plus 26. If it is a spade, it is the value plus 39. Either joker is a 53.) Use that number to count down from the top card. Cut after the card that you counted down to, leaving the bottom card on the bottom. If the deck used to look like:
5. 7 ... cards .. 4 5 ... cards ... 8 9
and the ninth card was the 4, the cut would result in:
5 ... cards ... 8 7 ... cards ... 4 9
The reason the last card is left in place is to make the step reversible. This is important for mathematical analysis of its security. A deck with a joker as the bottom card will remain unchanged by this step. Be sure not to reverse the order when counting cards off the top. The correct way to count is to pass the cards, one at a time, from one hand to another. Dont make piles on the table. 6. Find the output card. To do this, look at the top card. Convert it into a number from 1 through 53 in the same manner as in the previous step. Count down that many cards.
(Count the top card as number one.) Write the card after the one you counted to on a piece of paper; dont remove it from the deck. (If you hit a joker, dont write anything down and start over again with step 1.) This is the first output card. Note that this step does not modify the state of the deck. 7. Convert the output card to a number. As before, use the bridge suits to order them. From lowest to highest, we have clubs, diamonds, hearts, and spades. Hence, A-clubs through K-clubs is 1 through 13, A-diamonds through K-diamonds is 14 though 26, A-hearts through K-hearts is 1 through 13, and A-spades through K-spades is 14 through 26. (We need 1 through 26, and not 1 through 52, so we can get to letters.) Thats how to use Solitaire to encrypt a single character. You can use it to create as many keystream numbers as you need; just go through the same six steps once for each output character. (Dont rekey the deck). And remember, youll need one per message character.
19 as the cut number instead of the last card. Remember to put the top cards just above the bottom card in the deck, as before. Repeat the five steps of the Solitaire algorithm once for each character of the key. That is, the second time through the Solitaire steps use the second character of the key, the third time through use the third character, etc. Remember, though, that there are only about 1.4 bits of randomness per character in standard English. Youre going to want at least an 64-character passphrase to make this secure; Bruce Schneier recommend at least 80 characters.
Low-Tech Security
The Solitaire algorithm offers a secure and low-tech, if slow, solution to those who wish to communicate privately. Bruce Schneier has explained that he expected Cryptonomicon to be a best-seller, and that everyone would know the intricacies of how the algorithm works. As with any cryptographic algorithm, the success lies with the secrecy of the key. As long as the key remains secret, it is unlikely that any third-party will be able to decrypt ciphertext that has been encrypted with Solitaire. For more information regarding cryptanalysis, operational notes and security visit to Bruce Schneiers Solitaire site.